// Turns on Data Execution Prevention (DEP) for the current process on a
// best-effort basis. Despite the name, the documented path passes
// PROCESS_DEP_ENABLE: what gets disabled is execution from data pages.
//
// Both entry points are resolved at runtime through LoadDllFunc. Neither
// call's result is checked and the function returns void, so a caller cannot
// tell whether the mitigation is in effect.
//
// NOTE(review): the documented path passes only PROCESS_DEP_ENABLE, while the
// fallback also sets MEM_EXECUTE_OPTION_DISABLE_ATL (presumably ATL thunk
// emulation), so the two paths may not configure the same policy - confirm.
// NOTE(review): the fallback mask holds only the two flags shown; check
// whether it should also carry ntdll's MEM_EXECUTE_OPTION_PERMANENT so the
// setting cannot be changed later in the process lifetime.
void DisableDataExecution() {
    // Preferred: the documented kernel32 API.
    SetProcessDEPPolicyFunc setDepPolicy =
        reinterpret_cast<SetProcessDEPPolicyFunc>(LoadDllFunc(L"kernel32.dll", "SetProcessDEPPolicy"));
    if (setDepPolicy) {
        setDepPolicy(PROCESS_DEP_ENABLE);
        return;
    }

    // Fallback: the undocumented ntdll call, used only when the export above
    // could not be resolved.
    _NtSetInformationProcess setProcessInfo =
        reinterpret_cast<_NtSetInformationProcess>(LoadDllFunc(L"ntdll.dll", "NtSetInformationProcess"));
    if (!setProcessInfo)
        return;

    DWORD depMode = MEM_EXECUTE_OPTION_DISABLE | MEM_EXECUTE_OPTION_DISABLE_ATL;
    setProcessInfo(GetCurrentProcess(), PROCESS_EXECUTE_FLAGS, &depMode, sizeof(depMode));
}
// Return true if application is themed. Wrapper around IsAppThemed() in uxtheme.dll // that is compatible with earlier windows versions. bool IsAppThemed() { FARPROC pIsAppThemed = LoadDllFunc(L"uxtheme.dll", "IsAppThemed"); if (!pIsAppThemed) return false; if (pIsAppThemed()) return true; return false; }
// Reports whether this process runs under WOW64 (a 32-bit process on 64-bit
// Windows). A 64-bit build answers false without asking the OS.
//
// IsWow64Process is resolved at runtime; when the export is missing the flag
// keeps its FALSE default. The API's own return value is not checked.
bool IsRunningInWow64() {
#ifdef _WIN64
    return false;
#else
    typedef BOOL (WINAPI *IsWow64ProcessProc)(HANDLE, PBOOL);

    BOOL underWow64 = FALSE;
    IsWow64ProcessProc queryWow64 =
        reinterpret_cast<IsWow64ProcessProc>(LoadDllFunc(L"kernel32.dll", "IsWow64Process"));
    if (queryWow64)
        queryWow64(GetCurrentProcess(), &underWow64);
    return underWow64 != FALSE;
#endif
}
// Appends the calling thread's call stack to s.
//
// Returns false when Initialize(NULL) fails or when RtlCaptureContext cannot
// be resolved; otherwise returns whatever GetCallstack returns.
//
// The function is marked noinline, presumably so the captured context belongs
// to a frame of its own rather than being merged into the caller - confirm.
__declspec(noinline) bool GetCurrentThreadCallstack(str::Str<char>& s) {
    if (!Initialize(NULL))
        return false;

    // RtlCaptureContext is looked up at runtime: not available under Win2000.
    RtlCaptureContextProc *captureContext =
        reinterpret_cast<RtlCaptureContextProc *>(LoadDllFunc(_T("kernel32.dll"), "RtlCaptureContext"));
    if (!captureContext)
        return false;

    // Filled in by the capture call below before it is read.
    CONTEXT ctx;
    captureContext(&ctx);
    return GetCallstack(s, ctx, GetCurrentThread());
}
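// Returns a newly allocated, normalized copy of the null-terminated string
// str, using the normalization form given in form (a NORM_FORM value passed
// as int). Returns NULL when Normaliz.dll's NormalizeString cannot be
// resolved, when either API call reports a non-positive length, when the
// size computation would overflow, or when the buffer cannot be allocated.
//
// Ownership of the returned buffer passes to the caller (StealData); how it
// must be released depends on AllocArray, which is outside this view.
//
// NOTE(review): the DLL is named without a path. Where LoadDllFunc looks for
// it is decided outside this view - confirm it cannot pick up a Normaliz.dll
// from the application or working directory.
WCHAR *NormalizeString(const WCHAR *str, int /* NORM_FORM */ form) {
    typedef int (WINAPI *NormalizeStringProc)(int /* NORM_FORM */, LPCWSTR, int, LPWSTR, int);
    NormalizeStringProc normalizeFn =
        reinterpret_cast<NormalizeStringProc>(LoadDllFunc(L"Normaliz.dll", "NormalizeString"));
    if (!normalizeFn)
        return NULL;

    // First pass: a NULL destination asks only for a size estimate; a source
    // length of -1 means str is null-terminated.
    int sizeEst = normalizeFn(form, str, -1, NULL, 0);
    if (sizeEst <= 0)
        return NULL;

    // str may come from document content, so the estimate is not trusted to be
    // small: refuse values for which sizeEst * 3 would overflow a signed int
    // (undefined behaviour feeding straight into an allocation size).
    const int maxEst = static_cast<int>(~0u >> 1) / 3;
    if (sizeEst > maxEst)
        return NULL;

    // according to MSDN the estimate may be off somewhat:
    // http://msdn.microsoft.com/en-us/library/windows/desktop/dd319093(v=vs.85).aspx
    sizeEst = sizeEst * 3 / 2 + 1;

    ScopedMem<WCHAR> res(AllocArray<WCHAR>(sizeEst));
    // Do not hand a NULL buffer with a non-zero length to the API.
    if (!res)
        return NULL;

    // Second pass: the actual conversion into the padded buffer.
    sizeEst = normalizeFn(form, str, -1, res, sizeEst);
    if (sizeEst <= 0)
        return NULL;
    return res.StealData();
}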